ARMv8 Linux内核head.S源码分析

ARMv8Linux内核head.S主要工作内容：

1、从el2特权级退回到el1

2、确认处理器类型

3、计算内核镜像的起始物理地址及物理地址与虚拟地址之间的偏移

4、验证设备树的地址是否有效

5、创建页表，用于启动内核

6、设置CPU（cpu_setup），用于使能MMU

7、使能MMU

8、交换数据段

9、跳转到start_kernel函数继续运行。

*Low-level CPU initialisation

*Based on arch/arm/kernel/head.S

*Authors: Catalin Marinas<catalin.marinas@arm.com>

* Will Deacon<will.deacon@arm.com>

*This program is free software; you can redistribute it and/or modify

* itunder the terms of the GNU General Public License version 2 as

*published by the Free Software Foundation.

*This program is distributed in the hope that it will be useful,

*but WITHOUT ANY WARRANTY; without even the implied warranty of

*MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

*GNU General Public License for more details.

*You should have received a copy of the GNU General Public License

*along with this program. If not, see<http://www.gnu.org/licenses/>.

#include <linux/linkage.h>

#include <linux/init.h>

#include <asm/assembler.h>

#include <asm/ptrace.h>

#include <asm/asm-offsets.h>

#include <asm/memory.h>

#include <asm/thread_info.h>

#include <asm/pgtable-hwdef.h>

#include <asm/pgtable.h>

#include <asm/page.h>

*swapper_pg_dir is the virtual address of the initial page table. We place

*the page tables 3 * PAGE_SIZE below KERNEL_RAM_VADDR. The idmap_pg_dir has

* 2pages and is placed below swapper_pg_dir.

#define KERNEL_RAM_VADDR (PAGE_OFFSET + TEXT_OFFSET)

#if (KERNEL_RAM_VADDR & 0xfffff) !=0x80000

#error KERNEL_RAM_VADDR must start at0xXXX80000

#endif

#define SWAPPER_DIR_SIZE (3 * PAGE_SIZE)

#define IDMAP_DIR_SIZE (2 * PAGE_SIZE)

.globl swapper_pg_dir

.equ swapper_pg_dir, KERNEL_RAM_VADDR -SWAPPER_DIR_SIZE

.globl idmap_pg_dir

.equ idmap_pg_dir, swapper_pg_dir - IDMAP_DIR_SIZE

.macro pgtbl, ttb0, ttb1, phys

add \ttb1, \phys, #TEXT_OFFSET - SWAPPER_DIR_SIZE

sub \ttb0, \ttb1, #IDMAP_DIR_SIZE

.endm

#ifdef CONFIG_ARM64_64K_PAGES

#define BLOCK_SHIFT PAGE_SHIFT

#define BLOCK_SIZE PAGE_SIZE

#else

#define BLOCK_SHIFT SECTION_SHIFT

#define BLOCK_SIZE SECTION_SIZE

#endif

#define KERNEL_START KERNEL_RAM_VADDR

#define KERNEL_END _end

*Initial memory map attributes.

#ifndef CONFIG_SMP

#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF

#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF

#else

#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF | PTE_SHARED

#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S

#endif

#ifdef CONFIG_ARM64_64K_PAGES

#define MM_MMUFLAGS PTE_ATTRINDX(MT_NORMAL) | PTE_FLAGS

#define IO_MMUFLAGS PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_XN | PTE_FLAGS

#else

#define MM_MMUFLAGS PMD_ATTRINDX(MT_NORMAL) | PMD_FLAGS

#define IO_MMUFLAGS PMD_ATTRINDX(MT_DEVICE_nGnRE) | PMD_SECT_XN | PMD_FLAGS

#endif

*Kernel startup entry point.

*---------------------------

*The requirements are:

* MMU= off, D-cache = off, I-cache = on or off,

* x0 =physical address to the FDT blob.

*This code is mostly position independent so you call this at

*__pa(PAGE_OFFSET + TEXT_OFFSET).

*Note that the callee-saved registers are used for storing variables

*that are useful before the MMU is enabled. The allocations are described

* inthe entry routines.

__HEAD //这是一个宏定义；#define__HEAD .section ".head.text","ax"; .section是伪指令ax代表允许执行

* DO NOT MODIFY. Image header expected byLinux boot-loaders.

b stext //branch to kernel start, magic

.long 0 //reserved

.quad TEXT_OFFSET // Image load offset from start of RAM

.quad 0 //reserved

ENTRY(stext)

mov x21, x0 //x21=FDT，x21中保存的是由Uboot传进来的，设备树在内存中的地址。

bl el2_setup //Drop to EL1，从当前特权级跳入EL1，具体函数内容请看下面el2_setup函数。

mrs x22, midr_el1 //x22=cpuid，x22中保存着cpuid，用以判断运行当前这段代码的CPU是哪一个。

mov x0, x22 //x0=cpuid，用于传送参数给函数lookup_processor_type。

bl lookup_processor_type //查看处理器类型，见后面具体定义

mov x23, x0 //x23=current cpu_table 把函数lookup_processor_type返回的cpu_table地址给x23

cbz x23, __error_p // invalid processor (x23=0)?

bl __calc_phys_offset //计算起始物理地址，返回的值中x24=PHYS_OFFSET, x28=PHYS_OFFSET-PAGE_OFFSET

bl __vet_fdt //返回后的x21中要么是无效保存0，要么是有效地fdt地址

bl __create_page_tables //为内核创建临时页表 x25=TTBR0,x26=TTBR1，本函数所建立的页表在后面paging_init会销毁重建。

* The following calls CPU specific code in aposition independent

* manner. See arch/arm64/mm/proc.S fordetails. x23 = base of

* cpu_info structure selected bylookup_processor_type above.

* On return, the CPU will be ready for the MMUto be turned on and

* the TCR will have been set.

ldr x27, __switch_data //由函数__enable_mmu中调用，此时MMU已经开启

adr lr, __enable_mmu //返回“地址无关”的地址,由函数__cpu_setup返回时调用，该函数中执行brx27调用__switch_data函数

ldr x12, [x23,#CPU_INFO_SETUP]

add x12, x12, x28 // __virt_to_phys

br x12 //x12中存放的是cpu_info结构体的cpu_setup字段

//该字段在cpu_table中被初始化为__cpu_setup函数，所里这里调用cpu_setup，不在本文件中暂不分析

//该函数返回后会把lr给pc，即直接调用上面的__enable_mmu

ENDPROC(stext)

* If we're fortunate enough to boot at EL2,ensure that the world is

* sane before dropping to EL1.

ENTRY(el2_setup)

mrs x0, CurrentEL //获得当前特权级

cmp x0, #PSR_MODE_EL2t //对比当前特权级是否为EL2

ccmp x0,#PSR_MODE_EL2h, #0x4, ne //NZCV= if notequal then CMP（x0,# PSR_MODE_EL2h） else 0x4

b.eq 1f

ret

/* Hyp configuration. */

1: mov x0, #(1 << 31) // 64-bit EL1，配置hypervisor模式控制寄存器

msr hcr_el2, x0

/* Generic timers. */ //配置通用时钟控制寄存器，使能EL1物理时钟

mrs x0, cnthctl_el2

orr x0, x0, #3 // Enable EL1 physicaltimers

msr cnthctl_el2, x0

/* Populate ID registers. */ //把ID寄存器移植到相应的虚拟化id配置寄存器中

mrs x0, midr_el1

mrs x1, mpidr_el1

msr vpidr_el2, x0

msr vmpidr_el2, x1

/* sctlr_el1 */ //把0x30d00800赋值给sctlr_el1寄存器

mov x0, #0x0800 // Set/clear RES{1,0} bits

movk x0,#0x30d0, lsl #16

msr sctlr_el1, x0

/* Coprocessor traps. */ //关闭协处理器异常陷入到EL2

mov x0, #0x33ff

msr cptr_el2, x0 // Disable copro. traps toEL2

#ifdef CONFIG_COMPAT

msr hstr_el2, xzr // Disable CP15 traps toEL2

#endif

/* spsr */

mov x0, #(PSR_F_BIT |PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\

PSR_MODE_EL1h)

msr spsr_el2, x0 //设置状态寄存器，退出EL2，进入EL1

msr elr_el2, lr

eret

ENDPROC(el2_setup)

.align 3

2: .quad .

.quad PAGE_OFFSET

//如果不是对称多处理（SMP）系统，则下面的次级CPU初始化功能都不做

#ifdef CONFIG_SMP

.pushsection .smp.pen.text, "ax"

.align 3

1: .quad .

.quad secondary_holding_pen_release

* This provides a "holding pen" forplatforms to hold all secondary

* cores are held until we're ready for them toinitialise.

ENTRY(secondary_holding_pen)

bl el2_setup //Drop to EL1

mrs x0, mpidr_el1

and x0, x0, #15 //CPU number

adr x1, 1b

ldp x2, x3, [x1]

sub x1, x1, x2

add x3, x3, x1

pen: ldr x4, [x3]

cmp x4, x0

b.eq secondary_startup

wfe

b pen

ENDPROC(secondary_holding_pen)

.popsection

ENTRY(secondary_startup)

* Common entry point for secondary CPUs.

mrs x22, midr_el1 //x22=cpuid

mov x0, x22

bl lookup_processor_type

mov x23, x0 //x23=current cpu_table

cbz x23, __error_p // invalid processor (x23=0)?

bl __calc_phys_offset // x24=phys offset

pgtbl x25, x26, x24 // x25=TTBR0, x26=TTBR1

ldr x12, [x23, #CPU_INFO_SETUP]

add x12, x12, x28 //__virt_to_phys

blr x12 //initialise processor

ldr x21, =secondary_data

ldr x27, =__secondary_switched // address to jump to after enablingthe MMU

b __enable_mmu

ENDPROC(secondary_startup)

ENTRY(__secondary_switched)

ldr x0, [x21] //get secondary_data.stack

mov sp, x0

mov x29, #0

b secondary_start_kernel

ENDPROC(__secondary_switched)

#endif /* CONFIG_SMP */

* Setup common bits before finally enablingthe MMU. Essentially this is just

* loading the page table pointer and vectorbase registers.

* On entry to this code, x0 must contain theSCTLR_EL1 value for turning on

* the MMU.

__enable_mmu:

ldr x5, =vectors

msr vbar_el1, x5

msr ttbr0_el1, x25 // load TTBR0

msr ttbr1_el1, x26 // load TTBR1

isb

b __turn_mmu_on

ENDPROC(__enable_mmu)

* Enable the MMU. This completely changes thestructure of the visible memory

* space. You will not be able to traceexecution through this.

* x0 = system control register

* x27 =*virtual* address to jump to upon completion

* other registers depend on the functioncalled upon completion

.align 6

__turn_mmu_on:

msr sctlr_el1, x0

isb

br x27

ENDPROC(__turn_mmu_on)

* Calculate the start of physical memory.

__calc_phys_offset: //计算起始物理地址值

adr x0, 1f //把标号1处地址给x0，因为adr指令是相对当前pc寄存器的偏移，而pc即物理地址所以这里是1f处的物理地址

ldp x1, x2, [x0] //把标号1处的前八字节给x1，后八字节给x2

sub x28, x0, x1 // 利用x0-x1计算虚拟物理地址之间的偏移。x28 = PHYS_OFFSET - PAGE_OFFSET，

add x24, x2, x28 // x24 = PHYS_OFFSET，计算出起始物理地址给x24

ret

ENDPROC(__calc_phys_offset)

.align 3

1: .quad .

.quad PAGE_OFFSET

* Macro to populate the PGD for thecorresponding block entry in the next

* level (tbl) for the given virtual address.

* Preserves: pgd,tbl, virt

* Corrupts: tmp1,tmp2

.macro create_pgd_entry,pgd, tbl, virt, tmp1, tmp2

lsr \tmp1, \virt,#PGDIR_SHIFT

and \tmp1, \tmp1, #PTRS_PER_PGD- 1 // PGD index

orr \tmp2, \tbl, #3 // PGD entry tabletype

str \tmp2, [\pgd,\tmp1, lsl #3]

.endm

* Macro to populate block entries in the pagetable for the start..end

* virtual range (inclusive).

* Preserves: tbl,flags

* Corrupts: phys,start, end, pstate

.macro create_block_map,tbl, flags, phys, start, end, idmap=0

lsr \phys, \phys,#BLOCK_SHIFT

.if \idmap

and \start, \phys,#PTRS_PER_PTE - 1 // table index

.else

lsr \start, \start,#BLOCK_SHIFT

and \start, \start,#PTRS_PER_PTE - 1 // table index

.endif

orr \phys, \flags,\phys, lsl #BLOCK_SHIFT // table entry

.ifnc \start,\end

lsr \end, \end,#BLOCK_SHIFT

and \end, \end,#PTRS_PER_PTE - 1 // table endindex

.endif

9999: str \phys, [\tbl,\start, lsl #3] // storethe entry

.ifnc \start,\end

add \start, \start, #1 // next entry

add \phys, \phys,#BLOCK_SIZE // next block

cmp \start, \end

b.ls 9999b

.endif

.endm

*设置初始化页表。我们只设置使内核能跑起来的最少数量的页表

*以下内容是必须的

* - 一致性映射用于使能MMU（低地址，TTBR0）

* -前几MB的内核线性映射包含FDT块（TTBR1）

* 为了解释更清楚，找了个网图，该图地址从下网上递增

//内核镜像里的所有符号都是虚拟地址，在完成了基本初始化，内核需要跳到C语言的start_kernel运行，

//此时如果不开启MMU，则符号的地址当成物理地址，直接使用会导致内核崩溃。

//ARMv8页表建立过程请参看我的另一篇博文；ARMv8(aarch64)页表建立过程详细分析

__create_page_tables:

pgtbl x25,x26, x24 //idmap_pg_dir and swapper_pg_dir addresses看前面pgtbl宏，

//x25:ttbr0（两个page）, x26:ttbr1（3个page） x24:内核起始物理地址。

//这里宏的意思是，在上图KERNEL_RAM_PADDR下面,PHYS_OFFSET上面开辟3个页面，起始地址给x26，

//然后再开辟2个页面，起始地址给x25

* Clear the idmap andswapper page tables.

mov x0, x25

add x6, x26,#SWAPPER_DIR_SIZE //以下内容就是清空上面申请的五个页面

1: stp xzr, xzr, [x0], #16

stp xzr, xzr, [x0],#16

cmp x0, x6

b.lo 1b

ldr x7, =MM_MMUFLAGS //内核中该标号定义是：#defineMM_MMUFLAGS PTE_ATTRINDX(MT_NORMAL)| PTE_FLAGS

//#define MT_NORMAL 4; #definePTE_FLAGS PTE_TYPE_PAGE | PTE_AF |PTE_SHARED

* Create the identitymapping.

add x0, x25,#PAGE_SIZE // section tableaddress

adr x3, __turn_mmu_on // virtual/physical address

create_pgd_entry x25, x0, x3, x5, x6

create_block_map x0, x7, x3, x5, x5, idmap=1

* Map the kernelimage (starting with PHYS_OFFSET).

add x0, x26,#PAGE_SIZE // section tableaddress

mov x5, #PAGE_OFFSET

create_pgd_entry x26, x0, x5, x3, x6

ldr x6, =KERNEL_END- 1

mov x3, x24 // phys offset

create_block_map x0, x7, x3, x5, x6

* Map the FDT blob(maximum 2MB; must be within 512MB of

* PHYS_OFFSET).

mov x3, x21 // FDT physaddress

and x3, x3, #~((1<< 21) - 1) // 2MB aligned

mov x6, #PAGE_OFFSET

sub x5, x3, x24 // subtract PHYS_OFFSET

tst x5, #~((1<< 29) - 1) //within 512MB?

csel x21, xzr, x21, ne // zero the FDT pointer

b.ne 1f

add x5, x5, x6 // __va(FDT blob)

add x6, x5, #1<< 21 // 2MB for theFDT blob

sub x6, x6, #1 // inclusive range

create_block_map x0, x7, x3, x5, x6

ret

ENDPROC(__create_page_tables)

.ltorg

.align 3

.type __switch_data,%object

__switch_data: //先定义一些标号

.quad __mmap_switched

.quad __data_loc // x4

.quad _data // x5

.quad __bss_start // x6

.quad _end // x7

.quad processor_id // x4

.quad __fdt_pointer // x5

.quad memstart_addr // x6

.quad init_thread_union+ THREAD_START_SP // sp

*该函数在MMU开启后执行，用于设置C语言运行时的环境，例如执行重定位，设置堆栈，清空BSS段等

__mmap_switched:

adr x3, __switch_data+ 8 //x3指向__data_loc起始处

ldp x4, x5, [x3], #16 //x4=__data_loc;x5=_data

ldp x6, x7, [x3], #16 //x6=__bss_start;x7=_end

这段代码比较难懂,直接翻译过来如下：

if(__data_loc==_data)

b 2f

else

if _data==__bss_start

b 2f

else

memcpy(_data, __data_loc,8)

效果等同于：

if (__data_loc == _data || _data != _bass_start)

memcpy(_data, __data_loc, 8);

cmp x4, x5 // Copy datasegment if needed，

1: ccmp x5, x6, #4, ne

b.eq 2f

ldr x16, [x4], #8

str x16, [x5], #8

b 1b

1: cmp x6, x7

b.hs 2f

str xzr, [x6], #8 // Clear BSS

b 1b

ldp x4, x5, [x3], #16

ldr x6, [x3], #8

ldr x16, [x3]

mov sp, x16 //设置栈指针

str x22, [x4] // Save processor ID

str x21, [x5] // Save FDT pointer

str x24, [x6] // Save PHYS_OFFSET

mov x29, #0

b start_kernel //跳到start_kernel继续运行

ENDPROC(__mmap_switched)

* Exception handling. Something went wrong andwe can't proceed. We ought to

* tell the user, but since we don't have anyguarantee that we're even

* running on the right architecture, we dovirtually nothing.

__error_p:

ENDPROC(__error_p)

__error:

1: nop

b 1b

ENDPROC(__error)

* This function gets the processor ID in w0and searches the cpu_table[] for

* a match. It returns a pointer to the structcpu_info it found. The

* cpu_table[] must end with an empty (allzeros) structure.

* This routine can be called via C code and itneeds to work with the MMU

* both disabled and enabled (the offset iscalculated automatically).

ENTRY(lookup_processor_type)

adr x1,__lookup_processor_type_data //把标号__lookup_processor_type_data的虚拟地址给x1，见下面标号内容

ldp x2, x3, [x1] //把x1地址处的内容前16字节分别给x3，x2。X2中存储前八字节

sub x1, x1, x2 // get offset between VA andPA x1减去x2就是虚拟地址与物理地址的差值，

//再加上x3，就是cpu_table结构体在内存中的物理地址，在赋值给x3.

add x3, x3, x1 // convert VA to PA

/*结构体cpu_info内容：

*struct cpu_info {

*unsigned int cpu_id_val;

*unsigned int cpu_id_mask;

*const char *cpu_name;

*unsigned long (*cpu_setup)(void);};

ldp w5, w6, [x3] // load cpu_id_val andcpu_id_mask 把cpu_table这个结构体的前八字节分别给w6,w5，w5存储前4字节。即cpu id

cbz w5, 2f // end of list?，如果w5寄存器值为0，则跳转到前面2标号处

and w6, w6, w0 //把cpu id mask与w0寄存器（CPUID）做与运算，w0就是前面mrs x22,midr_el1执行结果，即cpuid

cmp w5, w6 //对比操作系统中设定的CPUID与实际的处理器ID是否相同

b.eq 3f //相同则跳转到标号3处

add x3, x3,#CPU_INFO_SZ //否则把x3的值加上sizeof(cpuinfo)【=sizeof(cpu_table)】，再跳转到后面标号1处做比对。

b 1b

mov x3, #0 // unknownprocessor，由于cpu id为零，无法识别处理器

mov x0, x3 //把x3中内容存到x0中，当做参数返回。X3存储的是cpu_table的物理地址

ret

ENDPROC(lookup_processor_type)

.align 3

.type __lookup_processor_type_data,%object

__lookup_processor_type_data:

.quad .

.quad cpu_table

.size __lookup_processor_type_data,. - __lookup_processor_type_data

* Determine validity of the x21 FDT pointer.

* The dtb must be 8-byte aligned and live inthe first 512M of memory.

* 判断x21寄存器中的FDT指针是否有效；dtb必须是8字节对齐并且在内存前512M中

__vet_fdt:

tst x21, #0x7 //前面提到过x21中存放fdt地址，测试低三位

b.ne 1f

cmp x21, x24 //对比x21地址与内核镜像起始物理地址PHYS_OFFSET比对，若小于则无效

b.lt 1f

mov x0, #(1 <<29) //1<<29=512M

add x0, x0, x24 //对比x21与起始物理地址+512M

cmp x21, x0

b.ge 1f //如果大于512M则无效

ret //否则返回

mov x21, #0 //清空x21并返回

ret

ENDPROC(__vet_fdt)

希望大家有问题留言给我，一起讨论共同进步:）

参考网址：http://blog.****.net/tommy_wxie/article/details/7238748

秒客网

ARMv8 Linux内核head.S源码分析

相关文章